Posted on January 8, 2020 at 9:17 AM
Reports revealed that some hackers are currently asking for a ransom of $3 million from foreign currency exchange company, Travelex. According to the reports, the hackers infiltrated the company’s website with malware on Dec. 31, which forced the company to shut down all its global websites. Now, the attackers are asking Travelex to pay the sum of $3 million if it wants to restore its services to normal.
Travelex is founded in 1976 and is headquartered in London, with more than 1000 ATMs, 1,200 branches worldwide, and a presence in over 70 countries in the world. The company has the capacity of processing over 5,000 currency transactions hourly. The firm is managed by Finablr, a United Arab Emirates company that is listed on the London Stock Exchange.
Hackers threaten to expose 5GB of customers’ data
The hackers are asking for a ransom; otherwise, they would release customers’ data, which includes their payment card information, dates of birth, as well as their social security numbers. The hackers said they would be forced to release the data to public domains for public access if the company fails to meet up to their demand.
Travelex still investigating the situation
In an attempt to find a solution to the problem, the activities of staff at the company’s headquarters have been limited. They have been asked not to take laptops home as the firm is trying to ascertain the cause of the breach.
The situation has also forced banks that use the company’s foreign exchange service to withdraw their service on online foreign currency orders. The move has affected First Direct, Virgin Money, Tesco Bank, as well as Sainsbury Bank.
For about a week now, the company has been offering foreign exchange services manually, as the firm’s site is still down.
Travelex said sites down due to planned maintenance
The customer website of the exchange service said that its website had been offline as a result of “planned maintenance.” The message read on the portal that the company will reinstate the site and make them available very soon. However, the corporate website stated on the page that their site is not available at the moment because of upgrades intended to improve the services offered.
Travelex revealed on Jan 2 that customer data had not been compromised and their data is still intact. The company has asked its cybersecurity experts and IT specialists to get to the bottom of the situation and remove the virus that has affected the systems online. However, the efforts have not yielded any positive results as the security experts have not been able to regain access to the systems yet. Already, the Metropolitan police have been called to lead the investigation on the cyber attack.
On Thursday, a police spokesperson revealed that the company had called in the services of the Met cyber crime team to try and resolve the situation. He said the company had already contacted the team with information on the situation of the ransomware attack.
Travelex initially warned against vulnerabilities
Before the ransomware attack, Travelex was initially warned about the vulnerabilities within the VPN network. The warning came when the group had a high demand for its services due to the holiday periods.
Virgin money revealed in a statement that the investigation of the attack is still ongoing, although there is currently no known timeline for its resolution. Since it’s an issue that affects the global business of the group, customers are not able to place their orders via the group’s website or any of its dedicated websites.
But customers that still want to process orders can do so directly at the Travelex bureaux. There are few Virgin Money customers likely to be affected by this breach because of a quiet currency demand during the season, the statement reads
Tesco Bank has responded to the issue. According to a spokesperson of the company, it has more than 350 Tesco bureaux that hold stocks for its top currencies. He advised that customers who want to buy currency should contact any of the local bureaux to verify the availability of the currency before buying.
First Direct also commented on the situation, as a spokesperson of the company said all customers’ funds are still accessible because its business does not provide services for pre-loaded currency cards. The spokesperson revealed that there are limited numbers of customers who are waiting for orders. However, he reiterated that First Direct would soon contact affected customers and offer them refunds.